ThinkPHP Multiple Parameter RCE
High Nessus Plugin ID 121621
SynopsisThe remote web server hosts a web application that allows an attacker to upload arbitrary PHP files.
DescriptionThe version of ThinkPHP hosted on the remote web server allows an unauthenticated, remote attacker to execute arbitrary php code through multiple parameters.
SolutionUpgrade or patch ThinkPHP to a non-affected version.